X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/4c6c49190b5a8949120d822e053657f64146df70..09cbdc3074b3f1e69c9c537875146f6da0a6ed8f:/lib/controller/rpc/conn.go diff --git a/lib/controller/rpc/conn.go b/lib/controller/rpc/conn.go index d9d24260bb..4d8a82ce43 100644 --- a/lib/controller/rpc/conn.go +++ b/lib/controller/rpc/conn.go @@ -5,6 +5,7 @@ package rpc import ( + "bufio" "bytes" "context" "crypto/tls" @@ -12,6 +13,7 @@ import ( "errors" "fmt" "io" + "io/ioutil" "net" "net/http" "net/url" @@ -21,6 +23,8 @@ import ( "git.arvados.org/arvados.git/sdk/go/arvados" "git.arvados.org/arvados.git/sdk/go/auth" + "git.arvados.org/arvados.git/sdk/go/ctxlog" + "git.arvados.org/arvados.git/sdk/go/httpserver" ) const rfc3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00" @@ -36,7 +40,9 @@ func PassthroughTokenProvider(ctx context.Context) ([]string, error) { } type Conn struct { - SendHeader http.Header + SendHeader http.Header + RedactHostInErrors bool + clusterID string httpClient http.Client baseURL url.URL @@ -145,7 +151,21 @@ func (conn *Conn) requestAndDecode(ctx context.Context, dst interface{}, ep arva path = strings.Replace(path, "/{uuid}", "/"+uuid, 1) delete(params, "uuid") } - return aClient.RequestAndDecodeContext(ctx, dst, ep.Method, path, body, params) + err = aClient.RequestAndDecodeContext(ctx, dst, ep.Method, path, body, params) + if err != nil && conn.RedactHostInErrors { + redacted := strings.Replace(err.Error(), strings.TrimSuffix(conn.baseURL.String(), "/"), "//railsapi.internal", -1) + if strings.HasPrefix(redacted, "request failed: ") { + redacted = strings.Replace(redacted, "request failed: ", "", -1) + } + if redacted != err.Error() { + if err, ok := err.(httpStatusError); ok { + return wrapHTTPStatusError(err, redacted) + } else { + return errors.New(redacted) + } + } + } + return err } func (conn *Conn) BaseURL() url.URL { @@ -159,6 +179,13 @@ func (conn *Conn) ConfigGet(ctx context.Context) (json.RawMessage, error) { return resp, err } +func (conn *Conn) VocabularyGet(ctx context.Context) (arvados.Vocabulary, error) { + ep := arvados.EndpointVocabularyGet + var resp arvados.Vocabulary + err := conn.requestAndDecode(ctx, &resp, ep, nil, nil) + return resp, err +} + func (conn *Conn) Login(ctx context.Context, options arvados.LoginOptions) (arvados.LoginResponse, error) { ep := arvados.EndpointLogin var resp arvados.LoginResponse @@ -302,6 +329,103 @@ func (conn *Conn) ContainerUnlock(ctx context.Context, options arvados.GetOption return resp, err } +// ContainerSSH returns a connection to the out-of-band SSH server for +// a running container. If the returned error is nil, the caller is +// responsible for closing sshconn.Conn. +func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSHOptions) (sshconn arvados.ConnectionResponse, err error) { + u, err := conn.baseURL.Parse("/" + strings.Replace(arvados.EndpointContainerSSH.Path, "{uuid}", options.UUID, -1)) + if err != nil { + err = fmt.Errorf("url.Parse: %w", err) + return + } + return conn.socket(ctx, u, "ssh", url.Values{ + "detach_keys": {options.DetachKeys}, + "login_username": {options.LoginUsername}, + "no_forward": {fmt.Sprintf("%v", options.NoForward)}, + }) +} + +// ContainerGatewayTunnel returns a connection to a yamux session on +// the controller. The caller should connect the returned resp.Conn to +// a client-side yamux session. +func (conn *Conn) ContainerGatewayTunnel(ctx context.Context, options arvados.ContainerGatewayTunnelOptions) (tunnelconn arvados.ConnectionResponse, err error) { + u, err := conn.baseURL.Parse("/" + strings.Replace(arvados.EndpointContainerGatewayTunnel.Path, "{uuid}", options.UUID, -1)) + if err != nil { + err = fmt.Errorf("url.Parse: %w", err) + return + } + return conn.socket(ctx, u, "tunnel", url.Values{ + "auth_secret": {options.AuthSecret}, + }) +} + +// socket sets up a socket using the specified API endpoint and +// upgrade header. +func (conn *Conn) socket(ctx context.Context, u *url.URL, upgradeHeader string, postform url.Values) (connresp arvados.ConnectionResponse, err error) { + addr := conn.baseURL.Host + if strings.Index(addr, ":") < 1 || (strings.Contains(addr, "::") && addr[0] != '[') { + // hostname or ::1 or 1::1 + addr = net.JoinHostPort(addr, "https") + } + insecure := false + if tlsconf := conn.httpClient.Transport.(*http.Transport).TLSClientConfig; tlsconf != nil && tlsconf.InsecureSkipVerify { + insecure = true + } + netconn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: insecure}) + if err != nil { + return connresp, fmt.Errorf("tls.Dial: %w", err) + } + defer func() { + if err != nil { + netconn.Close() + } + }() + bufr := bufio.NewReader(netconn) + bufw := bufio.NewWriter(netconn) + + tokens, err := conn.tokenProvider(ctx) + if err != nil { + return connresp, err + } else if len(tokens) < 1 { + return connresp, httpserver.ErrorWithStatus(errors.New("unauthorized"), http.StatusUnauthorized) + } + postdata := postform.Encode() + bufw.WriteString("POST " + u.String() + " HTTP/1.1\r\n") + bufw.WriteString("Authorization: Bearer " + tokens[0] + "\r\n") + bufw.WriteString("Host: " + u.Host + "\r\n") + bufw.WriteString("Upgrade: " + upgradeHeader + "\r\n") + bufw.WriteString("Content-Type: application/x-www-form-urlencoded\r\n") + fmt.Fprintf(bufw, "Content-Length: %d\r\n", len(postdata)) + bufw.WriteString("\r\n") + bufw.WriteString(postdata) + bufw.Flush() + resp, err := http.ReadResponse(bufr, &http.Request{Method: "POST"}) + if err != nil { + return connresp, fmt.Errorf("http.ReadResponse: %w", err) + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusSwitchingProtocols { + ctxlog.FromContext(ctx).Infof("rpc.Conn.socket: server %s did not switch protocols, got status %s", u.String(), resp.Status) + body, _ := ioutil.ReadAll(io.LimitReader(resp.Body, 10000)) + var message string + var errDoc httpserver.ErrorResponse + if err := json.Unmarshal(body, &errDoc); err == nil { + message = strings.Join(errDoc.Errors, "; ") + } else { + message = fmt.Sprintf("%q", body) + } + return connresp, fmt.Errorf("server did not provide a tunnel: %s: %s", resp.Status, message) + } + if strings.ToLower(resp.Header.Get("Upgrade")) != upgradeHeader || + strings.ToLower(resp.Header.Get("Connection")) != "upgrade" { + return connresp, fmt.Errorf("bad response from server: Upgrade %q Connection %q", resp.Header.Get("Upgrade"), resp.Header.Get("Connection")) + } + connresp.Conn = netconn + connresp.Bufrw = &bufio.ReadWriter{Reader: bufr, Writer: bufw} + connresp.Header = resp.Header + return connresp, nil +} + func (conn *Conn) ContainerRequestCreate(ctx context.Context, options arvados.CreateOptions) (arvados.ContainerRequest, error) { ep := arvados.EndpointContainerRequestCreate var resp arvados.ContainerRequest @@ -337,6 +461,139 @@ func (conn *Conn) ContainerRequestDelete(ctx context.Context, options arvados.De return resp, err } +func (conn *Conn) GroupCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupCreate + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupUpdate + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupGet(ctx context.Context, options arvados.GetOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupGet + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupList(ctx context.Context, options arvados.ListOptions) (arvados.GroupList, error) { + ep := arvados.EndpointGroupList + var resp arvados.GroupList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupContents(ctx context.Context, options arvados.GroupContentsOptions) (arvados.ObjectList, error) { + ep := arvados.EndpointGroupContents + var resp arvados.ObjectList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupShared(ctx context.Context, options arvados.ListOptions) (arvados.GroupList, error) { + ep := arvados.EndpointGroupShared + var resp arvados.GroupList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupDelete + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupTrash(ctx context.Context, options arvados.DeleteOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupTrash + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupUntrash(ctx context.Context, options arvados.UntrashOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupUntrash + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LinkCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Link, error) { + ep := arvados.EndpointLinkCreate + var resp arvados.Link + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LinkUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.Link, error) { + ep := arvados.EndpointLinkUpdate + var resp arvados.Link + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LinkGet(ctx context.Context, options arvados.GetOptions) (arvados.Link, error) { + ep := arvados.EndpointLinkGet + var resp arvados.Link + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LinkList(ctx context.Context, options arvados.ListOptions) (arvados.LinkList, error) { + ep := arvados.EndpointLinkList + var resp arvados.LinkList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LinkDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.Link, error) { + ep := arvados.EndpointLinkDelete + var resp arvados.Link + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LogCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Log, error) { + ep := arvados.EndpointLogCreate + var resp arvados.Log + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LogUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.Log, error) { + ep := arvados.EndpointLogUpdate + var resp arvados.Log + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LogGet(ctx context.Context, options arvados.GetOptions) (arvados.Log, error) { + ep := arvados.EndpointLogGet + var resp arvados.Log + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LogList(ctx context.Context, options arvados.ListOptions) (arvados.LogList, error) { + ep := arvados.EndpointLogList + var resp arvados.LogList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LogDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.Log, error) { + ep := arvados.EndpointLogDelete + var resp arvados.Log + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + func (conn *Conn) SpecimenCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Specimen, error) { ep := arvados.EndpointSpecimenCreate var resp arvados.Specimen @@ -372,6 +629,13 @@ func (conn *Conn) SpecimenDelete(ctx context.Context, options arvados.DeleteOpti return resp, err } +func (conn *Conn) SysTrashSweep(ctx context.Context, options struct{}) (struct{}, error) { + ep := arvados.EndpointSysTrashSweep + var resp struct{} + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + func (conn *Conn) UserCreate(ctx context.Context, options arvados.CreateOptions) (arvados.User, error) { ep := arvados.EndpointUserCreate var resp arvados.User @@ -384,12 +648,6 @@ func (conn *Conn) UserUpdate(ctx context.Context, options arvados.UpdateOptions) err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } -func (conn *Conn) UserUpdateUUID(ctx context.Context, options arvados.UpdateUUIDOptions) (arvados.User, error) { - ep := arvados.EndpointUserUpdateUUID - var resp arvados.User - err := conn.requestAndDecode(ctx, &resp, ep, nil, options) - return resp, err -} func (conn *Conn) UserMerge(ctx context.Context, options arvados.UserMergeOptions) (arvados.User, error) { ep := arvados.EndpointUserMerge var resp arvados.User @@ -451,6 +709,36 @@ func (conn *Conn) APIClientAuthorizationCurrent(ctx context.Context, options arv err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } +func (conn *Conn) APIClientAuthorizationCreate(ctx context.Context, options arvados.CreateOptions) (arvados.APIClientAuthorization, error) { + ep := arvados.EndpointAPIClientAuthorizationCreate + var resp arvados.APIClientAuthorization + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} +func (conn *Conn) APIClientAuthorizationUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.APIClientAuthorization, error) { + ep := arvados.EndpointAPIClientAuthorizationUpdate + var resp arvados.APIClientAuthorization + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} +func (conn *Conn) APIClientAuthorizationDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.APIClientAuthorization, error) { + ep := arvados.EndpointAPIClientAuthorizationDelete + var resp arvados.APIClientAuthorization + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} +func (conn *Conn) APIClientAuthorizationList(ctx context.Context, options arvados.ListOptions) (arvados.APIClientAuthorizationList, error) { + ep := arvados.EndpointAPIClientAuthorizationList + var resp arvados.APIClientAuthorizationList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} +func (conn *Conn) APIClientAuthorizationGet(ctx context.Context, options arvados.GetOptions) (arvados.APIClientAuthorization, error) { + ep := arvados.EndpointAPIClientAuthorizationGet + var resp arvados.APIClientAuthorization + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} type UserSessionAuthInfo struct { UserUUID string `json:"user_uuid"` @@ -487,3 +775,26 @@ func (conn *Conn) UserAuthenticate(ctx context.Context, options arvados.UserAuth err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } + +// httpStatusError is an error with an HTTP status code that can be +// propagated by lib/controller/router, etc. +type httpStatusError interface { + error + HTTPStatus() int +} + +// wrappedHTTPStatusError is used to augment/replace an error message +// while preserving the HTTP status code indicated by the original +// error. +type wrappedHTTPStatusError struct { + httpStatusError + message string +} + +func wrapHTTPStatusError(err httpStatusError, message string) httpStatusError { + return wrappedHTTPStatusError{err, message} +} + +func (err wrappedHTTPStatusError) Error() string { + return err.message +}